diff options
Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java')
| -rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java | 798 |
1 files changed, 378 insertions, 420 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java index c2d221731..1e452a8a9 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java @@ -69,49 +69,51 @@ import org.mozilla.jss.util.Password; import com.netscape.cmsutil.util.HMACDigest; - /** * A command-line utility used to generate a Certificate Request Message * Format (CRMF) request with proof of possesion (POP). - * + * * Usage: + * * <pre> * CRMFPopClient TOKEN_PWD * PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME * POP_OPTION * SUBJECT_DN [OUTPUT_CERT_REQ] - * + * * --- or --- - * + * * CRMFPopClient TOKEN_PWD * POP_OPTION * OUTPUT_CERT_REQ SUBJECT_DN - * - * + * + * * where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE] * </pre> * <p> * Examples: + * * <pre> * CRMFPopClient password123 * caEncUserCert host.example.com 1026 MyUid MyUid * [POP_SUCCESS or POP_FAIL or POP_NONE] * CN=MyTest,C=US,UID=MyUid - * + * * --- or --- - * + * * CRMFPopClient password123 * caEncUserCert host.example.com 1026 joe joe * [POP_SUCCESS or POP_FAIL or POP_NONE] * CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ - * + * * --- or --- - * + * * CRMFPopClient password123 * [POP_SUCCESS or POP_FAIL or POP_NONE] * OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid * </pre> * <p> + * * <pre> * IMPORTANT: The file "transport.txt" needs to be created to contain the * transport certificate in its base64 encoded format. This @@ -119,543 +121,499 @@ import com.netscape.cmsutil.util.HMACDigest; * in base64 encoded format with the header and footer removed. * </pre> * <p> + * * @version $Revision$, $Date$ */ -public class CRMFPopClient -{ - - private static void usage() - { - System.out.println(""); - System.out.println("Description: A command-line utility used to generate a"); - System.out.println(" Certificate Request Message Format (CRMF)"); - System.out.println(" request with proof of possesion (POP).\n\n"); - System.out.println("Usage:"); - System.out.println(""); - System.out.println(" CRMFPopClient TOKEN_PWD"); - System.out.println(" PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME"); - System.out.println(" POP_OPTION"); - System.out.println(" SUBJECT_DN [OUTPUT_CERT_REQ] \n"); - System.out.println(" --- or ---\n"); - System.out.println(" CRMFPopClient TOKEN_PWD"); - System.out.println(" POP_OPTION"); - System.out.println(" OUTPUT_CERT_REQ SUBJECT_DN\n\n"); - System.out.println(" where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]\n\n"); - System.out.println("Examples:"); - System.out.println(""); - System.out.println(" CRMFPopClient password123"); - System.out.println(" caEncUserCert host.example.com 1026 MyUid MyUid"); - System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); - System.out.println(" CN=MyTest,C=US,UID=MyUid\n"); - System.out.println(" --- or ---\n"); - System.out.println(" CRMFPopClient password123"); - System.out.println(" caEncUserCert host.example.com 1026 MyUid myUid"); - System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); - System.out.println(" CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n"); - System.out.println(" --- or ---\n"); - System.out.println(" CRMFPopClient password123"); - System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); - System.out.println(" OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid"); - System.out.println("\n"); - System.out.println("IMPORTANT: The file \"transport.txt\" needs to be created to contain the"); - System.out.println(" transport certificate in its base64 encoded format. This"); - System.out.println(" file should consist of one line containing a single certificate"); - System.out.println(" in base64 encoded format with the header and footer removed.\n"); - } - private static int getRealArgsLength(String args[]) - { - - int len = args.length; - - String curArg = ""; - int finalLen = len; - - for(int i = 0; i < len; i++) - { +public class CRMFPopClient { + + private static void usage() { + System.out.println(""); + System.out.println("Description: A command-line utility used to generate a"); + System.out.println(" Certificate Request Message Format (CRMF)"); + System.out.println(" request with proof of possesion (POP).\n\n"); + System.out.println("Usage:"); + System.out.println(""); + System.out.println(" CRMFPopClient TOKEN_PWD"); + System.out.println(" PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME"); + System.out.println(" POP_OPTION"); + System.out.println(" SUBJECT_DN [OUTPUT_CERT_REQ] \n"); + System.out.println(" --- or ---\n"); + System.out.println(" CRMFPopClient TOKEN_PWD"); + System.out.println(" POP_OPTION"); + System.out.println(" OUTPUT_CERT_REQ SUBJECT_DN\n\n"); + System.out.println(" where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]\n\n"); + System.out.println("Examples:"); + System.out.println(""); + System.out.println(" CRMFPopClient password123"); + System.out.println(" caEncUserCert host.example.com 1026 MyUid MyUid"); + System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); + System.out.println(" CN=MyTest,C=US,UID=MyUid\n"); + System.out.println(" --- or ---\n"); + System.out.println(" CRMFPopClient password123"); + System.out.println(" caEncUserCert host.example.com 1026 MyUid myUid"); + System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); + System.out.println(" CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n"); + System.out.println(" --- or ---\n"); + System.out.println(" CRMFPopClient password123"); + System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]"); + System.out.println(" OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid"); + System.out.println("\n"); + System.out.println("IMPORTANT: The file \"transport.txt\" needs to be created to contain the"); + System.out.println(" transport certificate in its base64 encoded format. This"); + System.out.println(" file should consist of one line containing a single certificate"); + System.out.println(" in base64 encoded format with the header and footer removed.\n"); + } + + private static int getRealArgsLength(String args[]) { + + int len = args.length; + + String curArg = ""; + int finalLen = len; + + for (int i = 0; i < len; i++) { + + curArg = args[i]; + // System.out.println("arg[" + i + "] " + curArg); + + if (curArg == null || curArg.equalsIgnoreCase("")) { + finalLen--; + } - curArg = args[i]; - // System.out.println("arg[" + i + "] " + curArg); + } + //System.out.println("getRealArgsLength: returning " + finalLen); - if(curArg == null || curArg.equalsIgnoreCase("")) { - finalLen --; - } + if (finalLen < 0) + finalLen = 0; - } + return finalLen; - //System.out.println("getRealArgsLength: returning " + finalLen); + } - if(finalLen < 0) - finalLen = 0; + public static void main(String args[]) { + String USER_PREFIX = "user"; + int argsLen = getRealArgsLength(args); - return finalLen; + // System.out.println("args length " + argsLen); + System.out.println("\n\nProof Of Possession Utility...."); + System.out.println(""); + if (argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen != 10 && argsLen != 4)) { + usage(); + return; } - public static void main(String args[]) - { - String USER_PREFIX = "user"; - - - int argsLen = getRealArgsLength(args); - - // System.out.println("args length " + argsLen); + String DB_DIR = "./"; + String TOKEN_PWD = args[0]; + int KEY_LEN = 1024; - System.out.println("\n\nProof Of Possession Utility...."); - System.out.println(""); + int PORT = 0; + String USER_NAME = null; + String REQUESTOR_NAME = null; + String PROFILE_NAME = null; - if(argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen !=10 && argsLen != 4)) - { - usage(); - return; - } + String HOST = null; + String SUBJ_DN = null; - String DB_DIR = "./"; - String TOKEN_PWD = args[0]; - int KEY_LEN = 1024; + if (argsLen >= 8) { + PROFILE_NAME = args[1]; + HOST = args[2]; + PORT = Integer.parseInt(args[3]); - int PORT = 0; - String USER_NAME = null; - String REQUESTOR_NAME = null; - String PROFILE_NAME = null; - - String HOST = null; - String SUBJ_DN = null; - - if(argsLen >= 8) - { - PROFILE_NAME = args[1]; - HOST = args[2]; - - PORT = Integer.parseInt(args[3]); + USER_NAME = args[4]; + REQUESTOR_NAME = args[5]; - USER_NAME = args[4]; - REQUESTOR_NAME = args[5]; + SUBJ_DN = args[7]; - SUBJ_DN = args[7]; - - } - - String POP_OPTION = null; - String OUTPUT_CERT_REQ = null; - - if(argsLen == 4) - POP_OPTION = args[1]; - else - POP_OPTION = args[6]; + } + String POP_OPTION = null; + String OUTPUT_CERT_REQ = null; - int doServerHit = 1; + if (argsLen == 4) + POP_OPTION = args[1]; + else + POP_OPTION = args[6]; - if(argsLen >= 9) { - OUTPUT_CERT_REQ = args[8]; - } + int doServerHit = 1; - if(argsLen == 4) - { - doServerHit = 0; - OUTPUT_CERT_REQ = args[2]; - SUBJ_DN = args[3]; - } + if (argsLen >= 9) { + OUTPUT_CERT_REQ = args[8]; + } + if (argsLen == 4) { + doServerHit = 0; + OUTPUT_CERT_REQ = args[2]; + SUBJ_DN = args[3]; + } - int dont_do_pop = 0; + int dont_do_pop = 0; - if(POP_OPTION.equals("POP_NONE")) - { - dont_do_pop = 1; - } + if (POP_OPTION.equals("POP_NONE")) { + dont_do_pop = 1; + } - URL url = null; - URLConnection conn = null; - InputStream is = null; - BufferedReader reader = null; - boolean success = false; - int num = 1; - long total_time = 0; - KeyPair pair = null; + URL url = null; + URLConnection conn = null; + InputStream is = null; + BufferedReader reader = null; + boolean success = false; + int num = 1; + long total_time = 0; + KeyPair pair = null; + + boolean foundTransport = false; + String transportCert = null; + try { + BufferedReader br = new BufferedReader(new FileReader("./transport.txt")); + transportCert = br.readLine(); + foundTransport = true; + } catch (Exception e) { + System.out.println("ERROR: cannot find ./transport.txt, so no key archival"); + + return; + } + try { + CryptoManager.initialize(DB_DIR); + } catch (Exception e) { + // it is ok if it is already initialized + System.out.println("INITIALIZATION ERROR: " + e.toString()); + // return; + } - boolean foundTransport = false; - String transportCert = null; + try { + CryptoManager manager = CryptoManager.getInstance(); + String token_pwd = TOKEN_PWD; + CryptoToken token = manager.getInternalKeyStorageToken(); + Password password = new Password(token_pwd.toCharArray()); try { - BufferedReader br = new BufferedReader(new FileReader("./transport.txt")); - transportCert = br.readLine(); - foundTransport = true; + token.login(password); } catch (Exception e) { - System.out.println("ERROR: cannot find ./transport.txt, so no key archival"); - - return; - } - - - - try { - CryptoManager.initialize( DB_DIR ); - } catch (Exception e) { - // it is ok if it is already initialized - System.out.println("INITIALIZATION ERROR: " + e.toString()); - // return; + //System.out.println("login Exception: " + e.toString()); + if (!token.isLoggedIn()) { + token.initPassword(password, password); + } } + System.out.println("."); //"done with cryptomanager"); - try { - CryptoManager manager = CryptoManager.getInstance(); - String token_pwd = TOKEN_PWD; - CryptoToken token = manager.getInternalKeyStorageToken(); - Password password = new Password(token_pwd.toCharArray()); - try { - token.login(password); - } catch (Exception e) { - //System.out.println("login Exception: " + e.toString()); - if (!token.isLoggedIn()) { - token.initPassword(password, password); - } - } - - System.out.println("."); //"done with cryptomanager"); + KeyPairGenerator kg = token.getKeyPairGenerator( + KeyPairAlgorithm.RSA); + kg.initialize(KEY_LEN); - KeyPairGenerator kg = token.getKeyPairGenerator( - KeyPairAlgorithm.RSA); - kg.initialize(KEY_LEN); + String profileName = PROFILE_NAME; + pair = kg.genKeyPair(); - String profileName = PROFILE_NAME; - pair = kg.genKeyPair(); + System.out.println("."); //key pair generated"); - System.out.println("."); //key pair generated"); + // wrap private key + byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert); - // wrap private key - byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert); + X509Certificate tcert = manager.importCACertPackage(transport); - X509Certificate tcert = manager.importCACertPackage(transport); + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); + SymmetricKey sk = kg1.generate(); - KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); - SymmetricKey sk = kg1.generate(); + System.out.println("."); //before KeyWrapper"); - System.out.println("."); //before KeyWrapper"); + // wrap private key using session + KeyWrapper wrapper1 = + token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - // wrap private key using session - KeyWrapper wrapper1 = - token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + System.out.println("."); //key wrapper created"); - System.out.println("."); //key wrapper created"); + wrapper1.initWrap(sk, new IVParameterSpec(iv)); - wrapper1.initWrap(sk, new IVParameterSpec(iv)); + System.out.println("."); //key wrapper inited"); + byte key_data[] = wrapper1.wrap((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()); - System.out.println("."); //key wrapper inited"); - byte key_data[] = wrapper1.wrap((org.mozilla.jss.crypto.PrivateKey)pair.getPrivate()); + System.out.println("."); //key wrapper wrapped"); - System.out.println("."); //key wrapper wrapped"); + // wrap session using transport + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); - // wrap session using transport - KeyWrapper rsaWrap = token.getKeyWrapper( - KeyWrapAlgorithm.RSA); + System.out.println("."); //got rsaWrapper"); - System.out.println("."); //got rsaWrapper"); + rsaWrap.initWrap(tcert.getPublicKey(), null); - rsaWrap.initWrap(tcert.getPublicKey(), null); + System.out.println("."); //rsaWrap inited"); - System.out.println("."); //rsaWrap inited"); + byte session_data[] = rsaWrap.wrap(sk); - byte session_data[] = rsaWrap.wrap(sk); + System.out.println("."); //rsaWrapped"); - System.out.println("."); //rsaWrapped"); - - try { - // create CRMF - CertTemplate certTemplate = new CertTemplate(); - certTemplate.setVersion(new INTEGER(2)); - - Name n1 = getJssName(SUBJ_DN); - - - Name n = new Name(); - - n.addCommonName("Me"); - n.addCountryName("US"); - n.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString("MyUid"))); + try { + // create CRMF + CertTemplate certTemplate = new CertTemplate(); + certTemplate.setVersion(new INTEGER(2)); + + Name n1 = getJssName(SUBJ_DN); + + Name n = new Name(); + + n.addCommonName("Me"); + n.addCountryName("US"); + n.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString("MyUid"))); + + if (n1 != null) + certTemplate.setSubject(n1); + else + certTemplate.setSubject(n); + + certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); + // set extension + AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv)); + EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0), null, null, new BIT_STRING(key_data, 0)); + EncryptedKey key = new EncryptedKey(encValue); + PKIArchiveOptions opt = new PKIArchiveOptions(key); + SEQUENCE seq = new SEQUENCE(); + if (foundTransport) { + seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt)); + } - if(n1 != null) - certTemplate.setSubject(n1); - else - certTemplate.setSubject(n); + // Add idPOPLinkWitness control + String secretValue = "testing"; + byte[] key1 = null; + byte[] finalDigest = null; + try { + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + key1 = SHA1Digest.digest(secretValue.getBytes()); + } catch (NoSuchAlgorithmException ex) { + } - certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); - // set extension - AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv)); - EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0),null, null,new BIT_STRING(key_data, 0)); - EncryptedKey key = new EncryptedKey(encValue); - PKIArchiveOptions opt = new PKIArchiveOptions(key); - SEQUENCE seq = new SEQUENCE(); - if (foundTransport) { - seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"),opt)); - } - + /* Example of adding the POP link witness control to CRMF */ + byte[] b = + { 0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c, + 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c, + 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45, + 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31, + 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14, + 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44, + 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14, + 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69 }; - // Add idPOPLinkWitness control - String secretValue = "testing"; - byte[] key1 = null; - byte[] finalDigest = null; - try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); - key1 = SHA1Digest.digest(secretValue.getBytes()); - } catch (NoSuchAlgorithmException ex) { - } + try { + MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1); + hmacDigest.update(b); + finalDigest = hmacDigest.digest(); + } catch (NoSuchAlgorithmException ex) { + } -/* Example of adding the POP link witness control to CRMF */ -byte[] b = -{0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c, - 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c, - 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45, - 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31, - 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14, - 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44, - 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14, - 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69}; + OCTET_STRING ostr = new OCTET_STRING(finalDigest); + seq.addElement(new AVA(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr)); + CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, seq); - try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); - HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1); - hmacDigest.update(b); - finalDigest = hmacDigest.digest(); - } catch (NoSuchAlgorithmException ex) { - } - + System.out.println("."); //CertRequest created"); - OCTET_STRING ostr = new OCTET_STRING(finalDigest); - seq.addElement(new AVA(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr)); - CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, seq); + ByteArrayOutputStream bo = new ByteArrayOutputStream(); + certReq.encode(bo); + byte[] toBeVerified = bo.toByteArray(); - System.out.println("."); //CertRequest created"); + byte popdata[] = ASN1Util.encode(certReq); + byte signature[]; + System.out.println("."); //CertRequest encoded"); - ByteArrayOutputStream bo = new ByteArrayOutputStream(); - certReq.encode(bo); - byte[] toBeVerified = bo.toByteArray(); - - byte popdata[] = ASN1Util.encode(certReq); - byte signature[]; + Signature signer = token.getSignatureContext( + SignatureAlgorithm.RSASignatureWithMD5Digest); - System.out.println("."); //CertRequest encoded"); + System.out.println("."); //signer created"); - Signature signer = token.getSignatureContext( - SignatureAlgorithm.RSASignatureWithMD5Digest); + signer.initSign((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()); - System.out.println("."); //signer created"); + System.out.println("."); //signer inited"); - signer.initSign((org.mozilla.jss.crypto.PrivateKey)pair.getPrivate()); + System.out.println("."); //FAIL_OR_SUCC " + FAIL_OR_SUCC); - System.out.println("."); //signer inited"); + if (POP_OPTION.equals("POP_SUCCESS")) { + System.out.println("Generating Legal POP Data....."); + signer.update(toBeVerified); + } else if (POP_OPTION.equals("POP_FAIL")) { + System.out.println("Generating Illegal POP Data....."); + signer.update(iv); + } else if (dont_do_pop == 1) { + System.out.println("Generating NO POP Data....."); + } - System.out.println("."); //FAIL_OR_SUCC " + FAIL_OR_SUCC); + System.out.println("."); //signer updated"); - if(POP_OPTION.equals("POP_SUCCESS")) - { - System.out.println("Generating Legal POP Data....."); - signer.update(toBeVerified); - } - else if(POP_OPTION.equals("POP_FAIL")) - { - System.out.println("Generating Illegal POP Data....."); - signer.update(iv); - } - else if(dont_do_pop == 1) - { - System.out.println("Generating NO POP Data....."); - } + CertReqMsg crmfMsg = null; - System.out.println("."); //signer updated"); + if (dont_do_pop == 0) { + signature = signer.sign(); - CertReqMsg crmfMsg = null; + System.out.println("Signature completed..."); + System.out.println(""); - if(dont_do_pop == 0) - { - signature = signer.sign(); + AlgorithmIdentifier algID = + new AlgorithmIdentifier(SignatureAlgorithm.RSASignatureWithMD5Digest.toOID(), null); + POPOSigningKey popoKey = new POPOSigningKey(null, algID, new BIT_STRING(signature, 0)); - System.out.println("Signature completed..."); - System.out.println(""); + ProofOfPossession pop = ProofOfPossession.createSignature(popoKey); - - AlgorithmIdentifier algID = - new AlgorithmIdentifier(SignatureAlgorithm.RSASignatureWithMD5Digest.toOID(), null ); - POPOSigningKey popoKey = new POPOSigningKey(null,algID, new BIT_STRING(signature,0)); + crmfMsg = new CertReqMsg(certReq, pop, null); - ProofOfPossession pop = ProofOfPossession.createSignature(popoKey); + } else { + crmfMsg = new CertReqMsg(certReq, null, null); - crmfMsg = new CertReqMsg(certReq, pop, null); + } - } - else - { - crmfMsg = new CertReqMsg(certReq, null, null); + //crmfMsg.verify(); - } + SEQUENCE s1 = new SEQUENCE(); + s1.addElement(crmfMsg); + byte encoded[] = ASN1Util.encode(s1); - //crmfMsg.verify(); + String Req1 = com.netscape.osutil.OSUtil.BtoA(encoded); - SEQUENCE s1 = new SEQUENCE(); - s1.addElement(crmfMsg); - byte encoded[] = ASN1Util.encode(s1); + if (OUTPUT_CERT_REQ != null) { + System.out.println("Generated Cert Request: ...... "); + System.out.println(""); - String Req1 = com.netscape.osutil.OSUtil.BtoA(encoded); + System.out.println(Req1); + System.out.println(""); + System.out.println("End Request:"); - if(OUTPUT_CERT_REQ != null) - { - System.out.println("Generated Cert Request: ...... "); - System.out.println(""); + if (doServerHit == 0) + return; + } - System.out.println(Req1); - System.out.println(""); - System.out.println("End Request:"); + String Req = URLEncoder.encode(Req1); - if(doServerHit == 0) - return; - } - - String Req = URLEncoder.encode(Req1); + // post PKCS10 - // post PKCS10 + url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME + "&SubId=profile&requestor_name=" + REQUESTOR_NAME); + //System.out.println("Posting " + url); - url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME +"&SubId=profile&requestor_name="+ REQUESTOR_NAME); - //System.out.println("Posting " + url); + System.out.println(""); + System.out.println("Server Response....."); + System.out.println("--------------------"); + System.out.println(""); - System.out.println(""); - System.out.println("Server Response....."); - System.out.println("--------------------"); + long start_time = (new Date()).getTime(); + conn = url.openConnection(); + is = conn.getInputStream(); + reader = new BufferedReader(new InputStreamReader(is)); + String line = null; + while ((line = reader.readLine()) != null) { + System.out.println(line); + if (line.equals("CMS Enroll Request Success")) { + success = true; + System.out.println("Enrollment Successful: ......"); System.out.println(""); + } + } /* while */ + long end_time = (new Date()).getTime(); + total_time += (end_time - start_time); + } catch (Exception e) { + System.out.println("WARNING: " + e.toString()); + e.printStackTrace(); + } + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } - long start_time = (new Date()).getTime(); - conn = url.openConnection(); - is = conn.getInputStream(); - reader = new BufferedReader(new InputStreamReader(is)); - String line = null; - while ((line = reader.readLine()) != null) { - System.out.println(line); - if (line.equals("CMS Enroll Request Success")) { - success = true; - System.out.println("Enrollment Successful: ......"); - System.out.println(""); - } - } /* while */ - long end_time = (new Date()).getTime(); - total_time += (end_time - start_time); - } catch (Exception e) { - System.out.println("WARNING: " + e.toString()); - e.printStackTrace(); - } - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - e.printStackTrace(); - } - } - - static Name getJssName(String dn) - { - - X500Name x5Name = null; + static Name getJssName(String dn) { - try { - x5Name= new X500Name(dn); + X500Name x5Name = null; - } catch(IOException e) { + try { + x5Name = new X500Name(dn); - System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString()); - System.out.println("Filling in default Subject Name......"); - return null; - } + } catch (IOException e) { - Name ret = new Name(); + System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString()); + System.out.println("Filling in default Subject Name......"); + return null; + } - netscape.security.x509.RDN[] names = null; + Name ret = new Name(); - names = x5Name.getNames(); + netscape.security.x509.RDN[] names = null; - int nameLen = x5Name.getNamesLength(); + names = x5Name.getNames(); - // System.out.println("x5Name len: " + nameLen); + int nameLen = x5Name.getNamesLength(); - netscape.security.x509.RDN cur = null; + // System.out.println("x5Name len: " + nameLen); - for(int i = 0; i < nameLen ; i++) - { - cur = names[i]; + netscape.security.x509.RDN cur = null; - String rdnStr = cur.toString(); + for (int i = 0; i < nameLen; i++) { + cur = names[i]; + String rdnStr = cur.toString(); - String[] split = rdnStr.split("="); + String[] split = rdnStr.split("="); - if(split.length != 2) - continue; + if (split.length != 2) + continue; - try { + try { - if(split[0].equals("UID")) - { + if (split[0].equals("UID")) { - ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1]))); - // System.out.println("UID found : " + split[1]); + ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1]))); + // System.out.println("UID found : " + split[1]); } - if(split[0].equals("C")) - { - ret.addCountryName(split[1]); - // System.out.println("C found : " + split[1]); - continue; - - } + if (split[0].equals("C")) { + ret.addCountryName(split[1]); + // System.out.println("C found : " + split[1]); + continue; - if(split[0].equals("CN")) - { - ret.addCommonName(split[1]); - // System.out.println("CN found : " + split[1]); - continue; } - if(split[0].equals("L")) - { - ret.addLocalityName(split[1]); - // System.out.println("L found : " + split[1]); - continue; + if (split[0].equals("CN")) { + ret.addCommonName(split[1]); + // System.out.println("CN found : " + split[1]); + continue; } - if(split[0].equals("O")) - { - ret.addOrganizationName(split[1]); - // System.out.println("O found : " + split[1]); - continue; + if (split[0].equals("L")) { + ret.addLocalityName(split[1]); + // System.out.println("L found : " + split[1]); + continue; } - if(split[0].equals("ST")) - { - ret.addStateOrProvinceName(split[1]); - // System.out.println("ST found : " + split[1]); - continue; + if (split[0].equals("O")) { + ret.addOrganizationName(split[1]); + // System.out.println("O found : " + split[1]); + continue; } - if(split[0].equals("OU")) - { - ret.addOrganizationalUnitName(split[1]); - // System.out.println("OU found : " + split[1]); - continue; + if (split[0].equals("ST")) { + ret.addStateOrProvinceName(split[1]); + // System.out.println("ST found : " + split[1]); + continue; } - } catch (Exception e) { - System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString()); + if (split[0].equals("OU")) { + ret.addOrganizationalUnitName(split[1]); + // System.out.println("OU found : " + split[1]); continue; } + } catch (Exception e) { + System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString()); - + continue; } - return ret; + } + return ret; - } + } } |